Security

The Security section shows your account’s current security status and lets you change your password. You can also review best-practice recommendations to keep your account protected.

Navigate to Settings → Security or go to ?section=security.

Account security status

The status card at the top of the page shows:

Email verified — confirms your sign-in email address has been verified
Account type — shown as “Business User”
Signed in as — your email address and the time of your last login

Change your password

Click into the Change password form.
Enter your current password.
Enter your new password — at least 8 characters, mixing uppercase, lowercase, numbers, and special characters.
Confirm your new password.
Click Update password.

Your session remains active after a password change. Other active sessions (for example on a different device) are signed out automatically.

Security recommendations

The page lists four practices worth keeping in mind:

Recommendation	Why it matters
Use a strong, unique password	Prevents credential-stuffing attacks if another service is breached
Keep your email address current	Your email is used for password resets and security alerts
Sign out of shared devices	Prevents unauthorized access from public computers
Monitor your account activity	Lets you catch unexpected sign-ins early

If you suspect unauthorized access

Change your password immediately using the form above, then contact Caramel support. Do not share your login credentials with anyone — support staff will never ask for your password.

Session IP locking

Some accounts have access to advanced session security controls that bind your login sessions to trusted IP addresses or ranges. If this feature is available on your account, it appears within the Security section. See your account settings to check availability.

Owner alerts — add a phone number for urgent account alerts
Team & Permissions — manage which team members can access your workspace